OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2016-03-01T14:48:08+00:00 2016-03-01T14:48:08+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-01T14:38:36+00:00 urn:sha1:25b218c144805a4fcd100396a936bc7bdccdedbc Fixes: CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN) CVE-2016-0705 - Double-free in DSA code CVE-2016-0798 - Memory leak in SRP database lookups CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption CVE-2016-0799 - Fix memory issues in BIO_*printf functions CVE-2016-0702 - Side channel attack on modular exponentiation Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-01-28T21:26:15+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-01-28T19:37:07+00:00 urn:sha1:7d8b6bdd0075a57c2a4bb083197da7b41d6cef47 Fixes DH small subgroups (CVE-2016-0701) SSLv2 doesn't block disabled ciphers (CVE-2015-3197) An update on DHE man-in-the-middle protection (Logjam) Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-17T21:15:33+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2015-12-03T21:31:16+00:00 urn:sha1:37e7c34aaf74d6115ccfbc0fb233d3e8b016b6fc The previous incarnation was incomplete, it only applied one of the Gentoo patches, hence it had corner cases. Apply all 4 patches as pointed out by Mike on the mailing list. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-12-03T21:08:27+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2015-12-03T17:49:42+00:00 urn:sha1:e9fb14ecef2427d3b98586c667f1e19112de5f90 Fixes: CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64 CVE-2015-3194 - Certificate verify crash with missing PSS parameter CVE-2015-3195 - X509_ATTRIBUTE memory leak Enable IDEA as well since otherwise the build breaks (always great upstream) - it's no longer patent encumbered. [Peter: correct sha256] Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-11-23T17:32:25+00:00 Yann E. MORIN yann.morin.1998@free.fr 2015-11-23T16:23:57+00:00 urn:sha1:a597e3c676948c6c1eb6440c82f19b7460f29192 This reverts commit 55e4ec054c21b9164e10c323a5f0afff1deb1d67. There are still build failures in parallel builds: http://autobuild.buildroot.org/results/9a0/9a0fc1064010a658155e6a18ec72e0e3c58ec7f6/ http://autobuild.buildroot.org/results/c28/c28064f383da1f577bd9227d004f1939daf4579f/ http://autobuild.buildroot.org/results/218/2180b9d900b27103acc92a2932f7ffa560b04831/ and so on... Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Ryan Barnett <rjbarnet@rockwellcollins.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-23T21:27:42+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2015-09-22T14:23:40+00:00 urn:sha1:35495daed39933db06dcc62a335fff89836d1853 Switch from : to # since CFLAGS can include :'s spilled in from BR2_TARGET_OPTIMIZATION, for example: BR2_TARGET_OPTIMIZATION="-Wl,-rpath,/lib:/usr/lib" would cause the sed expression to fail thus breaking the build. Changed all of the SEDs to # for consistency. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-16T20:20:52+00:00 Ryan Barnett ryanbarnett3@gmail.com 2015-09-16T12:06:25+00:00 urn:sha1:55e4ec054c21b9164e10c323a5f0afff1deb1d67 This is a patch that is originally based on a patch Thomas P. submitted for an earlier version of this package. I have adopted this patch to use the latest available Gentoo parallel patch. I have also seen about a minute improvement on my build times of openssl. Part of Thomas P's original message: On my build server, the current build of OpenSSL takes 1 minutes and 20 seconds. With this commit applied, enabling parallel build and installation, the build only takes 28 seconds. All the patches are downloaded from Gentoo. There is apparently some interest in upstream OpenSSL to enable parallel build, see for example commit https://github.com/openssl/openssl/commit/c3f22253b139793ff3b91ff7e6969e180cf06815. This commit is not part of any OpenSSL release, but we can hope that the problem will resolved in the future. Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> CC: Gustavo Zacarias <gustavo@zacarias.com.ar> CC: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-16T20:20:30+00:00 Ryan Barnett ryanbarnett3@gmail.com 2015-09-16T12:06:24+00:00 urn:sha1:4062459b82349eab3dd116b052988b59c1717de0 Using Git formatted patches makes it easier to adjust the patches when needed. [Thomas: remove patch numbering.] Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> CC: Gustavo Zacarias <gustavo@zacarias.com.ar> CC: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-09T20:03:05+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-07-09T18:45:13+00:00 urn:sha1:d4e547438cf3add7ad7c816e8fbcb8dd205cac20 Fixes CVE-2015-1793 - Alternative chains certificate forgery. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-09T06:55:16+00:00 Peter Korsgaard peter@korsgaard.com 2015-07-09T06:55:16+00:00 urn:sha1:ecd8e9b238fdac958a9174984c8e64e79c866ebe The dependency doesn't make sense now that the option only controls if the built binary gets installed into the target or not, so drop it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>